The Hacker News — Cyber Security, Hacking, Technology News

In Brief

Viber, the popular mobile messaging app announced Tuesday that it has added full end-to-end encryption for video, voice and text message services for its millions of users.

Here, the end-to-end encryption means only you and the person you are communicating with can read the content, and nobody in between, not even the company and if court orders company to provide user data, they will get only the heaps of encrypted data.

Viber is the latest messaging platform to join WhatsApp, Telegram, and Apple iMessage, who strengthened their default privacy features in recent times.

Founded in 2010 and acquired by Japanese e-commerce titan Rakuten for $900 Million in 2014, Viber is currently being used by more than 700 Million users globally across Android, iOS, Windows Phone, and desktop, the company claimed in a blog post published today.

Besides offering end-to-end encryption on all communication, the company will also provide a new PIN-protected hidden chat feature to help its users hide conversations from the main chat list, as well as Contact Authentication feature to verify contacts you're talking to.

All users need to update their app with the latest version of the company's software, Viber 6.0, take advantage of the features.

Once installed, your Viber app will now show you a padlock in conversations to confirm that your one-to-one and group messages are end-to-end encrypted.

However, users will probably need to wait few weeks before everyone's app updates to add the new end-to-end encryption on Android and iOS.

In the wake of Apple’s months-long battle with the Federal Bureau of Investigation (FBI) over an iPhone used by a San Bernardino terrorist, it seems like end-to-end encryption has become a trend and you’ll continue to see this in more applications and services.

Here's How:

Firefox Hello had already arrived last year via Firefox 41.0 Beta release with an aim of improving user’s experience by providing them with free voice and video calling features, irrespective of additional software or hardware support.

By adopting Firefox Hello:

Both the parties don't need to have same browsers, software or hardware.

No sign-up other than a logged-in Firefox account required for the communication.

Sending and receiving Instant messaging simultaneously working with video calling in Firefox for Windows, Mac and Linux.

Enabling Screen sharing, by the persons in communication.

Enabling Contacts integration if both the parties use different browsers.

This stable release has not been released for desktops versions alone; it is supporting the Android operating system as well.

WebRTC technology is such, which enables browser-based real-time communications without any transmission delays. It comes with features like:

Allowing the smooth flow of communication by ditching download of any additional plugins.

Using robust encryption methods.

Saving costs.

The services included in Firefox Hello can be availed of when your system is running with a browser (Firefox, Chrome, Safari, Edge or Opera) updated with WebRTC support.

Along with Firefox Hello, many other notable updates and features come with Firefox 41.0, such as setting up a profile picture for Firefox account and fixing up security issues to name a few.

Browser-based security issues cannot be neglected at the same time. As with the launch of any new technology, people with malicious intent will always look the picture from the other side to break in.

One of the most popular free calling App "Viber" for smartphones got hacked and defaced their one of the subdomain i.e http://support.viber.com/ by Pro-Assad hacker group theSyrian Electronic Army.

According claimed to take backup of their partial database, as shown, "We weren't able to hack all Viber systems" hacker said.

SEA hackers also suggested Viber (an instant-messaging and VoIP service) users to uninstall the application because company is spying and tracking each user, recording IP address of each user in database as shown above, "Warning: If you have "Viber" app installed we advise you to delete it" they tweeted. Earlier this year, Viber announced that it had over 200 million mobile users.

Just today same hackers also managed to hacked into Daily Dot News website and deleted an article against them and last weekend Millions of Phone Book records were stolen from Truecaller Database by SEA.

Update : Just after announcing the hack publically, Viber administration team takes down the defaced domain. If you still want to see the deface page, please check Mirror of Hack.

Update: Viber has told TechCrunch how the attack happened; they say your data is safe:Today the Viber Support site was defaced after a Viber employee unfortunately fell victim to an email phishing attack. The phishing attack allowed access to two minor systems: a customer support panel and a support administration system. Information from one of these systems was posted on the defaced page.It is very important to emphasize that no sensitive user data was exposed and that Viber’s databases were not “hacked”. Sensitive, private user information is kept in a secure system that cannot be accessed through this type of attack and is not part of our support system.We take this incident very seriously and we are working right now to return the support site to full service for our users. Additionally, we want to assure all of our users that we are reviewing all of our policies to make sure that no such incident is repeated in the future.

Update : Viber representative commented on the The Hacker News's story, "no sensitive user data was exposed and that Viber's databases were not "hacked". Sensitive, private user information is kept in a secure system that cannot be accessed through this type of attack and is not part of our support system. We are reviewing all of our policies to make sure that no such incident is repeated in the future."

Update : Viber's helpdesk (support.viber.com) is using Kayako's customer service software, used by more than 30,000 organizations.

An official statement from Kayako to The Hacker News, "The security of our customers' helpdesks and data is our highest priority. As Viber said in their statement, this looks to be an isolated compromise of an individual's account. Even so, we have taken the precautionary measure of auditing our systems. At this time we have no reason to believe that any other Kayako system or customer has been affected and we will continue to monitor the situation."